cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Web Dispatcher Configuration (SSL, certificates)

Former Member
0 Kudos

Hi all,

We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.

The following access point have been specified in the profile:

  1. Description of the Access Points

icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15

icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15

icm/HTTPS/verify_client = 2

Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15

The Web Dispatcher returns an error upon accessing it using HTTPS:

Dispatching Error

Error: -26

Version: 6040

Component: HTTP_ROUTE

Date/Time: Tue Mar 14 07:19:38 2006

Module: http_route.c

Line: 2383

Server: sapvm1_DVS_26

Detail: no valid destination server available for '!ALL' rc=13

Any help would be highly appreciated. Thanks!

Frodo

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

hi frodo,

hope you have followed help.sap.com when configuring the webdispatcher.

Try this link, it might help you:

Regards,

SK.

Former Member
0 Kudos

Hi SK,

Of course I followed the documentation:) It's just that to me it's unclear why the dispatcher works when we include a setting that's, in my opinion, not needed at all. Do you have any suggestions?

Thanks,

Frodo

Former Member
0 Kudos

Hi Frodo,

I am not sure.. but, just trying to give a logical explanation hmmm....

The SAP Webdispatcher is first installed for HTTP.. and later configured to support SSL.

Since you have configured for SSL(terminated)...

https --> is from client to web-dispatcher

http --> is from webdispatcher to the WAS instance

So, may be, it needs that "icm/server_port_2" line to communicate with the WAS instance through <i>http</i>.

Hope it helps!

Regards,

SK.

Former Member
0 Kudos

Hi SK,

I've thought about the same explanation myself as well but on second thought it didn't rally makes sense (or does it?

The parameter is there to set the access point, it specifies information for the incoming connection, not the outgoing connection to the WAS instance.

Also, you would never be able to only allow HTTPS based connections like this? (sure, you could set some firewall restictions but I would like to control this using the Web Dispatcher, as it is suppose to do).

I'll try to do some more tests tonight...

Frodo

Former Member
0 Kudos

Hi Frodo,

After those tests, Plz do share your observations with us.

Have a nice day!

Regards,

Sk.

Former Member
0 Kudos

Hi KS,

Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).

icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15

icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15

However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.

All is working now.

Frodo